GOST R ISO IEC 29100-2013 Information technology Security techniques Privacy framework《信息技术 安全技术 隐私框架》.pdf

1、 / 29100 2013 ISO/IEC 29100:2011 Information technology Security techniques Privacy framework (IDT) / 291002013 II 1 - ( ) ( ) , 4 2 22 3 08 2013 1539- 4 / 29100:2011 . . (ISO/IEC 29100:2011 Information technology Security techniques Privacy framework) 1.5 ( 3.5). 5 1.02012 ( 8). ( 1 ) , . () . , (g

2、ost.ru) , 2014 , . / 291002013 III () - (). , , . : - , ; - ; - ; - . . - - , , , . . , , . , , , . : - , , , ; - , ; - . , , , : - ; - ; - ; - ; - . , 2 5 / 1/ 27 (ISO/IEC JTC 1/SC 27 WG 5 Standing Document 2 (WG 5 SD2) Official Privacy Documents References) 3, , , . / 29100 / 1 , 27 . / 291002013

3、1 Information technology Security techniques Privacy framework 20150101 1 , : - ; - (); - , ; - . , , , , , , , , - () , . 2 : / 27000 / 27000, , A, / 27000, / 29100, . 2.1 (anonymity): , . 2.2 (anonymization): , , , . 2.3 (anonymized data): , . 2.4 (consent): , , . 2.5 (identifiability): , . 2.6 (i

4、dentify): . 2.7 (identity data): , . 2.8 (opt-in): , , , . , , . , , . , / 291002013 2 . , (, ). 2.9 ; (personally identifiable information, PII): : (a) , ; (b) . , , , , , , . 2.10 (PII controller): , ( , ), , , . (, ) , . 2.11 (PII principal): , . . 2.12 (PII processor): , , . 2.13 (privacy breach

5、): , . 2.14 (privacy controls): , . 1 , , , , , , , . 2 . 2.15 , (privacy enhancing technology, PET): , , , () . 1 , , , , , , () , . 2 , . 2.16 (privacy policy): , , , . 2.17 (privacy preferences): , , . 2.18 (privacy principles): , . 2.19 (privacy risk): . / 291002013 3 1 73 31000 . 2 , , , , . 2.20 (privacy risk assessment): , . . 2.21 (privacy safeguarding requirements): , . 2.22 , (privacy stakeholder): , , - , , , . 2.23 (processing of PII): , . ( ) , , , , , , , , , . 2.24 (pseudonymization): , , . 1 , . ( ), . 2 , , , , . 2.25 (secondary use): , . , , , , ,